diff --git a/lucene/ivy-versions.properties b/lucene/ivy-versions.properties index 000a8ab84ac..e8959da6f2f 100644 --- a/lucene/ivy-versions.properties +++ b/lucene/ivy-versions.properties @@ -63,7 +63,7 @@ com.sun.jersey.version = 1.9 /commons-collections/commons-collections = 3.2.2 /commons-configuration/commons-configuration = 1.6 /commons-digester/commons-digester = 2.1 -/commons-fileupload/commons-fileupload = 1.2.1 +/commons-fileupload/commons-fileupload = 1.3.1 /commons-io/commons-io = 2.4 /commons-lang/commons-lang = 2.6 /commons-logging/commons-logging = 1.1.3 diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 75cba3d32c2..9605cda5b0f 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -237,6 +237,8 @@ Other Changes * SOLR-9047: zkcli should allow alternative locations for log4j configuration (Gregory Chanan) +* SOLR-9053: Upgrade commons-fileupload to 1.3.1, fixing a potential vulnerability (Jeff Field, janhoy) + ================== 6.0.0 ================== Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release diff --git a/solr/licenses/commons-fileupload-1.2.1.jar.sha1 b/solr/licenses/commons-fileupload-1.2.1.jar.sha1 deleted file mode 100644 index 0d62b9b4bc8..00000000000 --- a/solr/licenses/commons-fileupload-1.2.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -384faa82e193d4e4b0546059ca09572654bc3970 diff --git a/solr/licenses/commons-fileupload-1.3.1.jar.sha1 b/solr/licenses/commons-fileupload-1.3.1.jar.sha1 new file mode 100644 index 00000000000..32f48724c86 --- /dev/null +++ b/solr/licenses/commons-fileupload-1.3.1.jar.sha1 @@ -0,0 +1 @@ +c621b54583719ac0310404463d6d99db27e1052c